errcode_t KRB5_CALLCONV
profile_init(const_profile_filespec_t *files, profile_t *ret_profile)
{
const_profile_filespec_t *fs;
profile_t profile;
prf_file_t new_file, last = 0;
errcode_t retval = 0, access_retval = 0;
profile = malloc(sizeof(struct _profile_t));
if (!profile)
return ENOMEM;
memset(profile, 0, sizeof(struct _profile_t));
profile->magic = PROF_MAGIC_PROFILE;
/*
* If the filenames list is not specified or empty, return an empty
* profile.
*/
if ( files && !PROFILE_LAST_FILESPEC(*files) ) {
for (fs = files; !PROFILE_LAST_FILESPEC(*fs); fs++) {
retval = profile_open_file(*fs, &new_file);
/* if this file is missing, skip to the next */
if (retval == ENOENT) {
continue;
}
/* If we can't read this file, remember it but keep going. */
if (retval == EACCES || retval == EPERM) {
access_retval = retval;
continue;
}
if (retval) {
profile_release(profile);
return retval;
}
if (last)
last->next = new_file;
else
profile->first_file = new_file;
last = new_file;
}
/*
* If last is still null after the loop, then all the files were
* missing or unreadable, so return the appropriate error.
*/
if (!last) {
profile_release(profile);
return access_retval ? access_retval : ENOENT;
}
}
*ret_profile = profile;
return 0;
}
void
krb5_os_free_context(krb5_context ctx)
{
krb5_os_context os_ctx;
os_ctx = &ctx->os_context;
if (os_ctx->default_ccname) {
free(os_ctx->default_ccname);
os_ctx->default_ccname = 0;
}
os_ctx->magic = 0;
if (ctx->profile) {
profile_release(ctx->profile);
ctx->profile = 0;
}
if (ctx->preauth_context) {
krb5_free_preauth_context(ctx);
ctx->preauth_context = NULL;
}
krb5int_close_plugin_dirs (&ctx->preauth_plugins);
krb5int_close_plugin_dirs (&ctx->libkrb5_plugins);
#ifdef _WIN32
WSACleanup();
#endif /* _WIN32 */
}
void e2fsck_free_context(e2fsck_t ctx)
{
if (!ctx)
return;
e2fsck_reset_context(ctx);
if (ctx->blkid)
blkid_put_cache(ctx->blkid);
if (ctx->profile)
profile_release(ctx->profile);
if (ctx->filesystem_name)
ext2fs_free_mem(&ctx->filesystem_name);
if (ctx->device_name)
ext2fs_free_mem(&ctx->device_name);
if (ctx->log_fn)
free(ctx->log_fn);
if (ctx->logf)
fclose(ctx->logf);
if (ctx->problem_log_fn)
free(ctx->problem_log_fn);
if (ctx->problem_logf)
fclose(ctx->problem_logf);
ext2fs_free_mem(&ctx);
}
bool sss_krb5_realm_has_proxy(const char *realm)
{
krb5_context context = NULL;
krb5_error_code kerr;
struct _profile_t *profile = NULL;
const char *profile_path[4] = {"realms", NULL, "kdc", NULL};
char **list = NULL;
bool res = false;
size_t c;
if (realm == NULL) {
return false;
}
kerr = krb5_init_context(&context);
if (kerr != 0) {
DEBUG(SSSDBG_OP_FAILURE, "krb5_init_context failed.\n");
return false;
}
kerr = krb5_get_profile(context, &profile);
if (kerr != 0) {
DEBUG(SSSDBG_OP_FAILURE, "krb5_get_profile failed.\n");
goto done;
}
profile_path[1] = realm;
kerr = profile_get_values(profile, profile_path, &list);
if (kerr == PROF_NO_RELATION || kerr == PROF_NO_SECTION) {
kerr = 0;
goto done;
} else if (kerr != 0) {
DEBUG(SSSDBG_OP_FAILURE, "profile_get_values failed.\n");
goto done;
}
for (c = 0; list[c] != NULL; c++) {
if (strncasecmp(KDC_PROXY_INDICATOR, list[c],
KDC_PROXY_INDICATOR_LEN) == 0) {
DEBUG(SSSDBG_TRACE_ALL,
"Found KDC Proxy indicator [%s] in [%s].\n",
KDC_PROXY_INDICATOR, list[c]);
res = true;
break;
}
}
done:
profile_free_list(list);
profile_release(profile);
krb5_free_context(context);
return res;
}
void e2fsck_free_context(e2fsck_t ctx)
{
if (!ctx)
return;
e2fsck_reset_context(ctx);
if (ctx->blkid)
blkid_put_cache(ctx->blkid);
if (ctx->profile)
profile_release(ctx->profile);
ext2fs_free_mem(&ctx);
}
krb5_error_code
krb5_set_config_files(krb5_context ctx, const char **filenames)
{
krb5_error_code retval = 0;
profile_t profile;
retval = profile_init(filenames, &profile);
if (retval)
return retval;
if (ctx->profile)
profile_release(ctx->profile);
ctx->profile = profile;
return 0;
}
krb5_error_code
krb5_secure_config_files(krb5_context ctx)
{
/* Obsolete interface; always return an error.
* This function should be removed next time a major version
* number change happens.
*/
krb5_error_code retval = 0;
if (ctx->profile) {
profile_release(ctx->profile);
ctx->profile = 0;
}
ctx->profile_secure = TRUE;
retval = os_init_paths(ctx, FALSE);
if (retval)
return retval;
return KRB5_OBSOLETE_FN;
}
errcode_t KRB5_CALLCONV
profile_init_flags(const_profile_filespec_t *files, int flags,
profile_t *ret_profile)
{
const_profile_filespec_t *fs;
profile_t profile;
prf_file_t new_file, last = 0;
errcode_t retval = 0, access_retval = 0;
char *modspec = NULL, **modspec_arg;
profile = malloc(sizeof(struct _profile_t));
if (!profile)
return ENOMEM;
memset(profile, 0, sizeof(struct _profile_t));
profile->magic = PROF_MAGIC_PROFILE;
/*
* If the filenames list is not specified or empty, return an empty
* profile.
*/
if ( files && !PROFILE_LAST_FILESPEC(*files) ) {
for (fs = files; !PROFILE_LAST_FILESPEC(*fs); fs++) {
/* Allow a module declaration if it is permitted by flags and this
* is the first file parsed. */
modspec_arg = ((flags & PROFILE_INIT_ALLOW_MODULE) && !last) ?
&modspec : NULL;
retval = profile_open_file(*fs, &new_file, modspec_arg);
if (retval == PROF_MODULE && modspec) {
/* Stop parsing files and load a dynamic module instead. */
free(profile);
retval = init_load_module(modspec, ret_profile);
free(modspec);
return retval;
}
/* if this file is missing, skip to the next */
if (retval == ENOENT) {
continue;
}
/* If we can't read this file, remember it but keep going. */
if (retval == EACCES || retval == EPERM) {
access_retval = retval;
continue;
}
if (retval) {
profile_release(profile);
return retval;
}
if (last)
last->next = new_file;
else
profile->first_file = new_file;
last = new_file;
}
/*
* If last is still null after the loop, then all the files were
* missing or unreadable, so return the appropriate error.
*/
if (!last) {
profile_release(profile);
return access_retval ? access_retval : ENOENT;
}
}
*ret_profile = profile;
return 0;
}
long
profile_init(const char **files, profile_t *ret_profile)
{
const char **fs;
profile_t profile;
prf_file_t new_file, *last;
long retval = 0;
char **cpp, *cp, **array = 0;
profile = malloc(sizeof(struct _profile_t));
if (!profile)
return ENOMEM;
memset(profile, 0, sizeof(struct _profile_t));
profile->magic = PROF_MAGIC_PROFILE;
last = &profile->first_file;
/* if the filenames list is not specified return an empty profile */
if ( files ) {
for (fs = files; !PROFILE_LAST_FILESPEC(*fs); fs++) {
retval = get_dirlist(*fs, &array);
if (retval == 0) {
if (!array)
continue;
for (cpp = array; (cp = *cpp); cpp++) {
retval = profile_open_file(cp, &new_file);
if (retval == EACCES)
continue;
if (retval)
goto errout;
*last = new_file;
last = &new_file->next;
}
} else if ((retval != ENOTDIR) &&
strcmp(*fs, default_filename))
goto errout;
retval = profile_open_file(*fs, &new_file);
/* if this file is missing, skip to the next */
if (retval == ENOENT || retval == EACCES) {
continue;
}
if (retval)
goto errout;
*last = new_file;
last = &new_file->next;
}
/*
* If all the files were not found, return the appropriate error.
*/
if (!profile->first_file) {
profile_release(profile);
return ENOENT;
}
}
free_list(array);
*ret_profile = profile;
return 0;
errout:
free_list(array);
profile_release(profile);
return retval;
}